The story of Michael Lynn standing up to the big and mighty Cisco remains to be intriguing.

Having just read the legal document that Cisco and ISS filed, it becomes clear just how serious Cisco is taking this.

• Click here to download a word document with the injunction that was provided to me by Cisco.

To read the background information on what exactly happened, read this posting, or this news story.

In summary: Lynn showed how he could take a Cisco router offline at the Black Hat security conference. But his employer ISS and Cisco didn't want him to give that presentation. Lynn quit his job, ISS and Cisco filed a lawsuit hoping to make him shut up. Lynn (rightfully) wet his pants and agreeded to the injunction.

Cisco was holding a legal trump card: by reverse engineering the IOS software that runs Cisco's routers, Lynn violated the vendor's copyrights.

The injunction demands that Lynn presents a list of people who have 1) received written or electronic information about the presentation (this excludes people who heard him give the presentation); 2)  received information about Cisco's code during Lynn's research; 3) a list of websites where Lynn directedly or indirectly posted information about the presentation or Cisco code, or websites where he is aware such information is disclosed.

In other words: any blogger that took notes and posted too much detail about how Lynn's attack worked can expect a phone call from the Cisco and ISS lawyers, demanding that they remove the information.

Because Cisco effectively says that all information from the presentation is the result of a copyright violation, the company would have a decent shot at succeeding.

But does that solve the security issue?

Photo credit:  Syam Hassan

Tags: cisco, ios, black hat, michael lynn, iss 

29 Jul 2005